This is a mirror of official site: http://jasper-net.blogspot.com/

Encrypting Communication between C# and PHP

| Sunday, July 10, 2011
Introduction

The first section of this article gives some background. The second section describes how to install and get the example scripts working for you so that you can verify that they work and have something to build off of. The third section discusses how to use the library I wrote for your own applications, giving you the guidance to utilize the library to its fullest. The fourth section describes the actual code of the library, how it works, and why I made the choices that I did.

If you are like me, you will probably want to know more about how I make C# and PHP work together in code and not just blindly use my library. However, I have included detailed usage instructions just in case you only want to copy, paste, and make it work.


Background

Several weeks ago, I was writing a proof of concept program in C# that, in part, required connecting to a PHP script securely. I did not have the option of using SSL, so I opted to using something more customized. Figuring that a specific encryption algorithm will work exactly the same regardless of the language that is implementing it, I simply used the built-in algorithms provided in C# and PHP. This assumption is true, for the most part; however, I was having a surprisingly difficult time getting the encryption to actually work between Microsoft's library and PHP's Mcrypt library. After several hours of failure, I eventually broke down and Googled a quick solution. Normally, I find an example close to what I need in a few minutes, but I looked for a long time and could not find a suitable solution. Nobody seemed to quite have a complete answer to the many people out there who were asking for help trying to do exactly what I was trying to do. Many questions were answered unsatisfactorily, none answered the full topic, others did not get any response at all, and an occasional person would eventually respond to his own question saying nothing more than "I got it to work," but would not help out the rest of us by posting his solution. I had already spent enough time trying to find a "quick" solution, so at this point, I went ahead and wrote my own. It took me a full Saturday, but I got it working. This article details what I did to get it working, provides a library that you can use, and should hopefully help out others who are in the same dilemma that I was.


The AES Algorithm

The Advanced Encryption Standard is a widely used block cipher based on the Rinjdael encryption algorithm. And by based, I mean that AES is a subset of Rinjdael in that it has a fixed block size of 128 bits, whereas Rinjdael supports variable block lengths of 128, 192, or 256 bits. Do not confuse block length with key length. AES supports key lengths of 128, 192, or 256 bits (when you see references to AES-128, AES-192, or AES-256, the number indicates the key size and not the block size).

AES is a symmetric algorithm, meaning that the same key must be used both to encrypt and decrypt a message. Although the algorithm is strong, you must have a secure way of getting the key to both parties without anybody intercepting the key along the way and using it to read your messages. This is where we need an asymmetric encryption algorithm.


Read more: Codeproject
QR: cs2phpcryptography.aspx

Posted via email from Jasper-net

0 comments: